Lawmakers make efforts to protect critical infrastructure in water, utilities sectors

(UC) — Lawmakers are taking steps to prevent a repeat of the Colonial Pipeline ransomware attack, by designing legislation to protect critical infrastructure in the water, utilities and pipeline sectors, according to flagship publication

One measure falls under a new law filed in the 2022 spending bill that requires pipeline operators to report any cyberattacks incurred to the Cybersecurity and Infrastructure Security Agency.

This legislation isn’t the first of its kind, former President Barack Obama issued an executive order in 2013 to narrow the focus on a few vital sectors “where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economy security, or national security.” 

But, the efforts have yet to materialize, with much of the issue around what qualifies as critical infrastructure, according to Rep. Yvette D. Clarke, D-N.Y., chairwoman of the subcommittee on Cybersecurity, Infrastructure Protection and Innovation of the House Homeland Security Committee.

“From where I'm sitting, one thing is clear, the U.S. desperately needs to revamp the playbook it uses for critical infrastructure cybersecurity,” Clarke said.

Plans for additional legislation are already in the works among Clarke and several top Republicans, that aim to draft legislation that better defines what falls under the umbrella of “critical infrastructure”.

This defined legislation would grant CISA and U.S. intelligence agencies the ability to better assist these sectors with security and in turn would relieve the industries of that responsibility.

The goal of the legislation is to better provide the sectors with high-quality threat and intelligence information, while government organizations combat with real-time cyberattacks.

So far, the Department of Homeland Security entity CISA has taken the initiative to flag 16 sectors including financial institutions, hospitals and election systems, as critical. The agency is also lending its expertise to each sector to enhance the security measures that are already in place.

For Congress, the next hurdle is recognizing the sectors that are most susceptible to cyberattacks as well as identifying where the security intelligence is most vital, then allowing CISA and other intelligence agencies to share intelligence with the sectors, according to Frank Ciluffo, director of Auburn University's McCrary Institute for Cyber and Critical Infrastructure Security. 

“I don't think Congress should come in with sledgehammers” in designating vital sectors and prescribing security measures, Ciluffo said. “I think they should come in with scalpels” and improve as they learn more. 

Related News

From Archive


{{ error }}
{{ comment.comment.Name }} • {{ comment.timeAgo }}
{{ comment.comment.Text }}